<p>Using <code>File.createTempFile</code> as the first step in creating a temporary directory causes a race condition and is inherently unreliable and
insecure. Instead, <code>Files.createTempDirectory</code> (Java 7+) should be used.</p>
<p>This rule raises an issue when the following steps are taken in immediate sequence:</p>
<ul>
  <li> call to <code>File.createTempFile</code> </li>
  <li> delete resulting file </li>
  <li> call <code>mkdir</code> on the File object </li>
</ul>
<p><strong>Note</strong> that this rule is automatically disabled when the project’s <code>sonar.java.source</code> is lower than <code>7</code>.</p>
<h2>Noncompliant Code Example</h2>
<pre>
File tempDir;
tempDir = File.createTempFile("", ".");
tempDir.delete();
tempDir.mkdir();  // Noncompliant
</pre>
<h2>Compliant Solution</h2>
<pre>
Path tempPath = Files.createTempDirectory("");
File tempDir = tempPath.toFile();
</pre>
<h2>See</h2>
<ul>
  <li> <a href="https://owasp.org/Top10/A01_2021-Broken_Access_Control/">OWASP Top 10 2021 Category A1</a> - Broken Access Control </li>
  <li> <a href="https://www.owasp.org/index.php/Top_10-2017_A9-Using_Components_with_Known_Vulnerabilities">OWASP Top 10 2017 Category A9</a> - Using
  Components with Known Vulnerabilities </li>
  <li> <a href="https://cwe.mitre.org/data/definitions/377.html">MITRE, CWE-377</a> - Insecure Temporary File </li>
  <li> <a href="https://cwe.mitre.org/data/definitions/379.html">MITRE, CWE-379</a> - Creation of Temporary File in Directory with Incorrect
  Permissions </li>
  <li> <a href="https://www.owasp.org/index.php/Insecure_Temporary_File">OWASP, Insecure Temporary File</a> </li>
</ul>

